---
# Namespace holding the split-horizon CoreDNS deployment.
apiVersion: v1
kind: Namespace
metadata:
  name: dns
---
# Configuration for both CoreDNS views. Every key of this ConfigMap becomes a
# file under /config inside the coredns pod (see the Deployment's volumeMounts),
# so the Corefiles reference the zone files by that path.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: dns
data:
  # Private view, port 53: authoritative data from db.cluster, and queries for
  # public.cluster. are forwarded to 192.168.123.240 (ns2) on the default
  # port 53.
  # NOTE(review): the public CoreDNS process listens on 54, so this forward
  # target is presumably the Traefik dns-*-public entrypoint address that
  # routes to Service port 54 — confirm.
  # NOTE(review): `file` without a zone argument binds to the server block's
  # zone ".", while the zone file declares `$ORIGIN cluster.`; a server that
  # is authoritative for "." answers NXDOMAIN for every name not in the file.
  # Confirm this is intended rather than `file /config/db.cluster cluster.`.
  # NOTE(review): the `debug` plugin also disables CoreDNS's panic recovery;
  # consider removing it outside of troubleshooting sessions.
  private-Corefile: |-
    .:53 {
        log . "private: {remote}:{port} - {>id} {>opcode} {>name} {>type} {>proto}"
        debug
        file /config/db.cluster
    }
    public.cluster. {
        forward . 192.168.123.240
    }
  # Public view, port 54: only the public zone file, no forwarding. The same
  # "." vs `$ORIGIN` and `debug` notes as for the private Corefile apply.
  public-Corefile: |-
    .:54 {
        log . "public: {remote}:{port} - {>id} {>opcode} {>name} {>type} {>proto}"
        debug
        file /config/db.public.cluster
    }
  # Private zone. Short TTLs (1m) everywhere; public.cluster. is delegated to
  # ns2 here, but the private Corefile intercepts it with `forward` first.
  db.cluster: |-
    $TTL 1m
    $ORIGIN cluster.
    @ IN SOA ns1.cluster. admin.cluster. (
        2025050302 ; serial
        1m         ; period
        1m         ; retry
        1m         ; exp
        1m         ; ttl
    )
    control.cluster.        IN A     192.168.123.1
    ns1.cluster.            IN A     192.168.123.241
    ns2.cluster.            IN A     192.168.123.240
    public.cluster.         IN NS    ns2.cluster.
    private.cluster.        IN A     192.168.123.241
    whoami.private.cluster. IN CNAME private.cluster.
  # Public zone. Deliberately exposes only ns2 and public.cluster. names;
  # keep internal hosts (control, ns1, private.*) out of this file.
  db.public.cluster: |-
    $TTL 1m
    $ORIGIN public.cluster.
    @ IN SOA ns2.cluster. admin.cluster. (
        2025050302 ; serial
        1m         ; period
        1m         ; retry
        1m         ; exp
        1m         ; ttl
    )
    ns2.cluster.            IN A     192.168.123.240
    public.cluster.         IN A     192.168.123.240
    whoami.public.cluster.  IN CNAME public.cluster.
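---
# One pod runs two CoreDNS processes: a "private" view on port 53 and a
# "public" view on port 54. Both read their Corefile and zone files from the
# `config` ConfigMap mounted read-only at /config.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: dns
spec:
  # Single replica: any restart of this pod is a full outage for both views.
  replicas: 1
  selector:
    matchLabels:
      app: coredns
  template:
    metadata:
      labels:
        app: coredns
    spec:
      # Neither Corefile uses the kubernetes plugin, so the process has no
      # reason to hold an API credential; do not mount the ServiceAccount token.
      automountServiceAccountToken: false
      containers:
        - name: coredns-private
          # NOTE(review): an untagged image resolves to :latest; pin a version
          # tag or digest so rollouts are reproducible and auditable.
          image: coredns/coredns
          args:
            - -conf=/config/private-Corefile
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
          volumeMounts:
            - name: config
              mountPath: /config
              readOnly: true
          resources:
            limits:
              cpu: "1000m"
              memory: "500Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
          # Least privilege, mirroring the upstream Kubernetes CoreDNS addon:
          # drop every capability except the one needed to bind ports < 1024,
          # no privilege escalation, and a read-only root filesystem (CoreDNS
          # writes nothing to disk here; the config mount is already read-only).
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
        - name: coredns-public
          # NOTE(review): same unpinned image as above; pin tag or digest.
          image: coredns/coredns
          args:
            - -conf=/config/public-Corefile
          ports:
            - containerPort: 54
              protocol: UDP
            - containerPort: 54
              protocol: TCP
          volumeMounts:
            - name: config
              mountPath: /config
              readOnly: true
          resources:
            limits:
              cpu: "1000m"
              memory: "500Mi"
            requests:
              cpu: "10m"
              memory: "10Mi"
          # Same hardening as the private container; this one faces the public
          # entrypoints, so it is the more exposed of the two.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
      volumes:
        - name: config
          configMap:
            name: config
---
# ClusterIP Service fronting both views; Traefik routes each entrypoint to the
# matching port below. Private (53) and public (54) share one Service, so the
# IngressRoutes are the only thing separating the two horizons — keep their
# port numbers and entrypoint names in sync with this list.
apiVersion: v1
kind: Service
metadata:
  name: dns
  namespace: dns
spec:
  selector:
    app: coredns
  ports:
    - name: dns-udp-private
      port: 53
      targetPort: 53
      protocol: UDP
    - name: dns-tcp-private
      port: 53
      targetPort: 53
      protocol: TCP
    - name: dns-udp-public
      port: 54
      targetPort: 54
      protocol: UDP
    - name: dns-tcp-public
      port: 54
      targetPort: 54
      protocol: TCP
---
# Traefik entrypoints: the names below must exist in Traefik's static
# configuration. Which address each entrypoint listens on decides whether a
# horizon is actually reachable from the private or the public network; that
# is not visible in this file — verify it in the Traefik configuration.
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
  name: dns-udp-private
  namespace: dns
spec:
  entryPoints:
    - dns-udp-private
  routes:
    - services:
        - name: dns
          port: 53
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: dns-tcp-private
  namespace: dns
spec:
  entryPoints:
    - dns-tcp-private
  routes:
    # HostSNI('*') is required for plain (non-TLS) TCP routing.
    - match: "HostSNI('*')"
      services:
        - name: dns
          port: 53
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
  name: dns-udp-public
  namespace: dns
spec:
  entryPoints:
    - dns-udp-public
  routes:
    - services:
        - name: dns
          port: 54
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: dns-tcp-public
  namespace: dns
spec:
  entryPoints:
    - dns-tcp-public
  routes:
    # HostSNI('*') is required for plain (non-TLS) TCP routing.
    - match: "HostSNI('*')"
      services:
        - name: dns
          port: 54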